DHS orders federal agencies to bolster cybersecurity with HTTPS, email authentication
The US Department of Homeland Security will require federal agencies to use web and email encryption practices to enhance their security posture.

On Monday, the US Department of Homeland Security announced a new requirement for federal agencies to employ web and email encryption to boost cybersecurity protections.

At a cybersecurity roundtable hosted by the Global Cyber Alliance, Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, issued a Binding Operational Directive (BOD) requiring federal agencies to implement these policies.

Within 90 days, all federal agencies must deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance). This will help prevent spam and phishing attackers from using federal agency email domains to conduct their attacks. Organizations using DMARC receive less than a quarter of the threats received by those that do not use the technology, according to a report from security firm GreatHorn.

And within 120 days, all federal agencies must employ HTTPS (Hypertext Transfer Protocol Secure) for all websites to ensure safer connections for citizens, and use other encryption protocols such as STARTTLS to help ensure that communications with the federal government are secure.

"It is critical that U.S. citizens can trust their online engagements with all levels of the federal government," Manfra said in a press release. "Today, we are calling on all federal agencies to deploy a toolkit of advanced cybersecurity technologies that will enable them to better fulfill our ultimate mission - serving and protecting the American public."

Some 85% of consumer email inboxes in the US support DMARC, including Gmail, Yahoo, and Microsoft accounts. But DMARC adoption rates among government and enterprises remain low, according to the Global Cyber Alliance.

"DMARC doesn't protect email, it protects people," said Phil Reitinger, president and CEO of the Global Cyber Alliance, in the release. "Once federal agencies fully deploy DMARC, citizens cannot be phished by a criminal posing as a government employee. The federal government is stepping up and setting an example that the private sector should follow. If the U.S. government can deploy DMARC across more than 1,300 domains, then we should expect the same of the companies on which we depend."

Certain federal agencies, including the Federal Trade Commission and the Social Security Administration, already enable DMARC, according to CNN.

As ZDNet noted, Homeland Security has pushed businesses to enable HTTPS web encryption and DMARC in the past. And in 2015, the Obama administration issued the HTTPS-Only Standard directive, requiring that all publicly accessible federal websites and web services only provide service through a secure HTTPS connection. However, today, about one-quarter of all federal sites still don't support basic website encryption, ZDNet noted.

The new order signals an increasing focus on protecting government and civilian data, in light of a number of high-profile breaches and security concerns.

The 3 big takeaways for TechRepublic readers

1. On Monday, the US Department of Homeland Security announced a new requirement for federal agencies to use web and email encryption to improve cybersecurity.

2. A Binding Operational Directive (BOD) from the department will require federal agencies to implement HTTPS and DMARC in the coming months.

3. While the department has encouraged enterprises to implement HTTPS in the past, this marks a push to do the same for federal agencies to better protect government and civilian communications and data.

 

Source: http://www.techrepublic.com/article/dhs-orders-federal-agencies-to-bolster-cybersecurity-with-https-email-authentication/

Given the complexities of the digital financial world, let us put cybersecurity as a core focus, for the leaks of data security can jeopardize the credibility and growth of the whole industry. For this reason, Asosiasi FinTech Indonesia fully supports Cyber Security Indonesia 2017 to create top of mind awareness on cybersecurity issues.

Niki Santo Luhur
Chairman - FinTech Indonesia Association

Now the whole industry begins to understand that it's better to prevent than to lose access and control data because of negligence to keep the data secure. Hence, this encourages APTIKNAS to endorse the implementation of Cyber Security Indonesia.

Fanky Christian
Head of DPD DKI - APTIKNAS (Indonesian ICT Business Association)

Indonesia, with its vast wealth of information, is in urgent need of preventive and defensive measures against cyber threats. Other than protecting national interest, such measures are also required to protect the interest of its citizens. Actions taken may not be adequate through policies and regulations but through concrete actions involving all components of the nation. Hence LEMSANEG welcomes and endorses Cyber Security Indonesia 2017.

Major General (TNI), Dr Djoko Setiadi, M.Si
The Head of LEMSANEG (State Cryptography Agency)

ATSI (Indonesian Telecommunication Providers Association) supports Cyber Security Indonesia 2017 to encourage concern and awareness of the important needs of cyber protection systems to prevent and minimise cyber crime for individuals, communities, governments and also companies in Indonesia.

Sutrisman Raden
Executive Director of ATSI